This is not a tutorial on qmail in general; read Life with qmail for that. Instead, this is a tutorial on how to set up the individual services making up a running qmail installation.
Recommended qmail versions are:
In addition to the qmail implementation of choice, the following software is required:
The qmail daemon to do local deliveries.
qmail-srv
├── dependencies.d
│ ├── mount # empty/arbitrary
│ └── networking # empty/arbitrary
├── producer-for # qmail-log
├── run # see below
└── type # longrun
run script:
#!/bin/execlineb -P
fdmove -c 2 1
qmail-start ./Mail/inbox/
This POP3 server listens on port 995 and only accepts TLS-encrypted connections.
qmail-pop3d-srv
├── dependencies.d
│ ├── mount # empty/arbitrary
│ └── networking # empty/arbitrary
├── notification-fd # 3
├── producer-for # qmail-pop3d-log
├── run # see below
└── type # longrun
run script, assuming the certificates and user accounts are set up as described in the ACME tutorial:
#!/bin/execlineb -P
fdmove -c 2 1
fdmove 1 3
export KEYFILE /etc/ssl/letsencrypt/domain.key
export CERTFILE /etc/ssl/letsencrypt/signed_chain.crt
export TLS_UID @UIDOFTLSUSER@
export TLS_GID @GIDOFTLSUSER@
s6-tlsserver -v -c255 -1 -K30000 -S -- @YOURIP@ 995
authup pop3
checkpassword
checknotroot
qmail-pop3d ./Mail/inbox
qmail SMTP server with optional STARTTLS encryption. This again assumes TLS certificates are set up as described in the ACME tutorial.
qmail-smtpd-srv
├── dependencies.d
│ ├── mount # empty/arbitrary
│ └── networking # empty/arbitrary
├── notification-fd # 3
├── producer-for # qmail-smtpd-log
├── run # see below
└── type # longrun
With the following run script:
#!/bin/execlineb -P
fdmove -c 2 1
fdmove 1 3
export KEYFILE /etc/ssl/letsencrypt/domain.key
export CERTFILE /etc/ssl/letsencrypt/signed_chain.crt
export TLS_UID @UIDOFTLSUSER@
export TLS_GID @GIDOFTLSUSER@
s6-envuidgid qmaild
s6-tcpserver -v -c255 -1 -- @YOURIP@ 25
s6-ucspitlsd -K30000 -S --
s6-applyuidgid -Uz --
smtpd-starttls-proxy-io
qmail-smtpd
This server mandates STARTTLS encryption and login credentials. It is intended for users with an account on the server who send mail from a client.
qmail-smtpd-starttls-login-srv
├── dependencies.d
│ ├── mount # empty/arbitrary
│ └── networking # empty/arbitrary
├── notification-fd # 3
├── producer-for # qmail-smtpd-starttls-login-log
├── run # see below
└── type # longrun
With the following run script, again requiring that certificates are properly set up in accordance with the ACME tutorial:
#!/bin/execlineb -P
fdmove -c 2 1
fdmove 1 3
export KEYFILE /etc/ssl/letsencrypt/domain.key
export CERTFILE /etc/ssl/letsencrypt/signed_chain.crt
export TLS_UID @UIDOFTLSUSER@
export TLS_GID @GIDOFTLSUSER@
s6-envuidgid qmaild
export UCSPITLS "!"
s6-tcpserver -v -c255 -1 -- @YOURIP@ 587
s6-ucspitlsd -K30000 -S
authup smtp
checkpassword
checknotroot
export RELAYCLIENT ""
fixsmtpio
qmail-smtpd
This server requires both a TLS-encrypted connection and SMTP authentication. It is intended for local users connecting from an external client.
qmail-smtpd-tls-srv
├── dependencies.d
│ ├── mount # empty/arbitrary
│ └── networking # empty/arbitrary
├── notification-fd # 3
├── producer-for # qmail-smtpd-tls-log
├── run # see below
└── type # longrun
With the following run script, again requiring that certificates are properly set up in accordance with the ACME tutorial:
#!/bin/execlineb -P
fdmove -c 2 1
fdmove 1 3
export KEYFILE /etc/ssl/letsencrypt/domain.key
export CERTFILE /etc/ssl/letsencrypt/signed_chain.crt
export TLS_UID @UIDOFTLSUSER@
export TLS_GID @GIDOFTLSUSER@
s6-tlsserver -v -c255 -1 -K30000 -S -- @YOURIP@ 465
authup smtp
checkpassword
checknotroot
export RELAYCLIENT ""
fixsmtpio
qmail-smtpd
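In the definitions above, notification-fd 3 pairs with `fdmove 1 3` and the server's `-1` option, and the two submission scripts export RELAYCLIENT (which makes qmail-smtpd skip its rcpthosts check) only after checkpassword. The lint below is an added example, not part of the original tutorial; `check_service` and `make_sample` are hypothetical names, and it assumes one command per line as in the scripts above.

```shell
# Added example, not from the original page. Assumes one command per line.
check_service() {  # usage: check_service DIR; prints findings, returns 1 if any
    dir=$1; run=$dir/run; rc=0
    fail() { echo "$dir: $*"; rc=1; }
    [ "$(cat "$dir/type" 2>/dev/null)" = longrun ] || fail "type is not longrun"
    [ -x "$run" ] || { fail "run missing or not executable"; return 1; }
    # Readiness: the fd named in notification-fd must be moved onto stdout,
    # and the super-server must announce readiness there with -1.
    if [ -f "$dir/notification-fd" ]; then
        nfd=$(cat "$dir/notification-fd")
        grep -qx "fdmove 1 $nfd" "$run" || fail "no 'fdmove 1 $nfd' in run"
        grep -Eq '^s6-(tcp|tls)server( .*)? -1 ' "$run" || fail "server lacks -1"
    fi
    # Relaying: RELAYCLIENT makes qmail-smtpd skip its rcpthosts check, so it
    # may only be exported after checkpassword has authenticated the client.
    relay=$(awk '/^export RELAYCLIENT/{print NR; exit}' "$run")
    auth=$(awk '$0=="checkpassword"{print NR; exit}' "$run")
    if [ -n "$relay" ] && { [ -z "$auth" ] || [ "$auth" -gt "$relay" ]; }; then
        fail "RELAYCLIENT exported before checkpassword"
    fi
    return $rc
}
# Constructed sample: the port 587 service definition from this page.
make_sample() {  # usage: make_sample DIR
    mkdir -p "$1/dependencies.d"
    : > "$1/dependencies.d/mount"; : > "$1/dependencies.d/networking"
    echo longrun > "$1/type"; echo 3 > "$1/notification-fd"
    echo qmail-smtpd-starttls-login-log > "$1/producer-for"
    cat > "$1/run" <<'EOF'
#!/bin/execlineb -P
fdmove -c 2 1
fdmove 1 3
export KEYFILE /etc/ssl/letsencrypt/domain.key
export CERTFILE /etc/ssl/letsencrypt/signed_chain.crt
export TLS_UID @UIDOFTLSUSER@
export TLS_GID @GIDOFTLSUSER@
s6-envuidgid qmaild
export UCSPITLS "!"
s6-tcpserver -v -c255 -1 -- @YOURIP@ 587
s6-ucspitlsd -K30000 -S
authup smtp
checkpassword
checknotroot
export RELAYCLIENT ""
fixsmtpio
qmail-smtpd
EOF
    chmod +x "$1/run"
}
```

Run `make_sample` on a scratch directory and then `check_service` on it to see a clean pass, or point `check_service` at each directory of your own s6-rc source tree before compiling it.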